Client for accessing AmazonIdentityManagement. All service calls made
using this client are blocking, and will not return until the service call
completes.

AWS Identity and Access Management

AWS Identity and Access Management (IAM) is a web service that you can
use to manage users and user permissions under your AWS account. This
guide provides descriptions of IAM actions that you can call
programmatically. For general information about IAM, see
AWS Identity and Access Management (IAM). For the user guide for IAM,
see Using IAM.

NOTE: AWS provides SDKs that consist of libraries and sample
code for various programming languages and platforms (Java, Ruby,
.NET, iOS, Android, etc.). The SDKs provide a convenient way to create
programmatic access to IAM and AWS. For example, the SDKs take care of
tasks such as cryptographically signing requests (see below), managing
errors, and retrying requests automatically. For information about the
AWS SDKs, including how to download and install them, see the Tools
for Amazon Web Services page.

We recommend that you use the AWS SDKs to make programmatic API calls
to IAM. However, you can also use the IAM Query API to make direct
calls to the IAM web service. To learn more about the IAM Query API,
see Making Query Requests in the Using IAM guide. IAM supports GET and
POST requests for all actions. That is, the API does not require you to
use GET for some actions and POST for others. However, GET requests are
subject to the size limitation of a URL. Therefore, for operations that
require larger sizes, use a POST request.

Signing Requests

Requests must be signed using an access key ID and a secret access
key. We strongly recommend that you do not use your AWS account access
key ID and secret access key for everyday work with IAM. You can use
the access key ID and secret access key for an IAM user or you can use
the AWS Security Token Service to generate temporary security
credentials and use those to sign requests.

To sign requests, we recommend that you use Signature Version 4. If you
have an existing application that uses Signature Version 2, you do not
have to update it to use Signature Version 4. However, some operations
now require Signature Version 4. The documentation for operations that
require version 4 indicates this requirement.

Additional Resources

For more information, see the following:

AWS Security Credentials. This topic provides general information
about the types of credentials used for accessing AWS.

IAM Best Practices. This topic presents a list of suggestions for using
the IAM service to help secure your AWS resources.

AWS Security Token Service. This guide describes how to create and use
temporary security credentials.

Signing AWS API Requests. This set of topics walks you through the
process of signing a request using an access key ID and secret access
key.

Throws:

com.amazonaws.AmazonClientException - If any internal errors are
encountered inside the client while attempting to make the request or
handle the response. For example, if a network connection is not
available.

Adds (or updates) an inline policy document that is embedded in the
specified user.

A user can also have a managed policy attached to it. To attach a
managed policy to a user, use AttachUserPolicy. To create a new
managed policy, use CreatePolicy. For information about policies,
refer to
Managed Policies and Inline Policies
in the Using IAM guide.

For information about limits on the number of inline policies that
you can embed in a user, see
Limitations on IAM Entities
in the Using IAM guide.

NOTE: Because policy documents can be large, you should use
POST rather than GET when calling PutUserPolicy. For general
information about using the Query API with IAM, go to Making Query
Requests in the Using IAM guide.

Parameters:

putUserPolicyRequest - Container for the necessary parameters to
execute the PutUserPolicy service method on AmazonIdentityManagement.

Throws:

com.amazonaws.AmazonClientException - If any internal errors are
encountered inside the client while attempting to make the request or
handle the response. For example, if a network connection is not
available.

Retrieves the specified inline policy document that is embedded in
the specified user.

A user can also have managed policies attached to it. To retrieve a
managed policy document that is attached to a user, use GetPolicy to
determine the policy's default version, then use GetPolicyVersion to
retrieve the policy document.

For more information about policies, refer to
Managed Policies and Inline Policies
in the Using IAM guide.

Parameters:

getUserPolicyRequest - Container for the necessary parameters to
execute the GetUserPolicy service method on AmazonIdentityManagement.

Returns:

The response from the GetUserPolicy service method, as
returned by AmazonIdentityManagement.

Throws:

com.amazonaws.AmazonClientException - If any internal errors are
encountered inside the client while attempting to make the request or
handle the response. For example, if a network connection is not
available.

Deleting an OIDC provider does not update any roles that reference
the provider as a principal in their trust policies. Any attempt to
assume a role that references a provider that has been deleted will
fail.

This action is idempotent; it does not fail or return an error if you
call the action for a provider that was already deleted.
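
Because deleting the provider leaves role trust policies untouched, it helps to find the roles that reference it before (or after) the deletion. The following is an added example, not part of the SDK documentation; it assumes the AWS SDK for Java 1.x on the classpath and the default credential chain, and the class and method names are hypothetical. It relies on IAM returning each role's trust policy URL-encoded, and uses a plain text match on the quoted ARN rather than a full JSON parse.

```java
import com.amazonaws.services.identitymanagement.AmazonIdentityManagement;
import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient;
import com.amazonaws.services.identitymanagement.model.ListRolesRequest;
import com.amazonaws.services.identitymanagement.model.ListRolesResult;
import com.amazonaws.services.identitymanagement.model.Role;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.List;

public class OidcTrustAudit {

    /** Returns the names of roles whose trust policy names the given OIDC provider ARN. */
    public static List<String> rolesTrustingProvider(AmazonIdentityManagement iam,
                                                     String providerArn)
            throws UnsupportedEncodingException {
        // Match the ARN as a complete JSON string value, so that a provider
        // whose ARN merely starts with the same characters is not reported.
        String needle = "\"" + providerArn + "\"";
        List<String> matches = new ArrayList<String>();
        ListRolesRequest req = new ListRolesRequest();
        ListRolesResult page;
        do {
            page = iam.listRoles(req);
            for (Role role : page.getRoles()) {
                String encoded = role.getAssumeRolePolicyDocument();
                if (encoded == null) {
                    continue;
                }
                // The trust policy document is returned URL-encoded.
                String trustPolicy = URLDecoder.decode(encoded, "UTF-8");
                if (trustPolicy.contains(needle)) {
                    matches.add(role.getRoleName());
                }
            }
            req.setMarker(page.getMarker());   // follow Marker pagination
        } while (Boolean.TRUE.equals(page.getIsTruncated()));
        return matches;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: ARN of the OIDC provider being deleted (supplied by the caller).
        AmazonIdentityManagement iam = new AmazonIdentityManagementClient();
        for (String name : rolesTrustingProvider(iam, args[0])) {
            System.out.println("Role still references provider: " + name);
        }
    }
}
```

Roles reported here need their trust policy changed with UpdateAssumeRolePolicy, or they will fail on every assume attempt once the provider is gone.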

Parameters:

deleteOpenIDConnectProviderRequest - Container for the necessary
parameters to execute the DeleteOpenIDConnectProvider service method
on AmazonIdentityManagement.

Throws:

com.amazonaws.AmazonClientException - If any internal errors are
encountered inside the client while attempting to make the request or
handle the response. For example, if a network connection is not
available.

Changes the status of the specified signing certificate from active
to disabled, or vice versa. This action can be used to disable a
user's signing certificate as part of a certificate rotation
workflow.

If the UserName field is not specified, the UserName is
determined implicitly based on the AWS access key ID used to sign the
request. Because this action works for access keys under the AWS
account, you can use this action to manage root credentials even if
the AWS account has no associated users.

Parameters:

updateSigningCertificateRequest - Container for the necessary
parameters to execute the UpdateSigningCertificate service method on
AmazonIdentityManagement.

Throws:

com.amazonaws.AmazonClientException - If any internal errors are
encountered inside the client while attempting to make the request or
handle the response. For example, if a network connection is not
available.

When you attach a managed policy to a role, the managed policy is
used as the role's access (permissions) policy. You cannot use a
managed policy as the role's trust policy. The role's trust policy is
created at the same time as the role, using CreateRole. You can update
a role's trust policy using UpdateAssumeRolePolicy.

Use this API to attach a managed policy to a role. To embed an inline
policy in a role, use PutRolePolicy. For more information about
policies, refer to
Managed Policies and Inline Policies
in the Using IAM guide.

Parameters:

attachRolePolicyRequest - Container for the necessary parameters
to execute the AttachRolePolicy service method on
AmazonIdentityManagement.

Throws:

com.amazonaws.AmazonClientException - If any internal errors are
encountered inside the client while attempting to make the request or
handle the response. For example, if a network connection is not
available.

Uploads a server certificate entity for the AWS account. The server
certificate entity includes a public key certificate, a private key,
and an optional certificate chain, which should all be PEM-encoded.

For information about the number of server certificates you can
upload, see
Limitations on IAM Entities
in the Using IAM guide.

NOTE: Because the body of the public key certificate, private
key, and the certificate chain can be large, you should use POST
rather than GET when calling UploadServerCertificate. For information
about setting up signatures and authorization through the API, go to
Signing AWS API Requests in the AWS General Reference. For general
information about using the Query API with IAM, go to Making Query
Requests in the Using IAM guide.

Parameters:

uploadServerCertificateRequest - Container for the necessary
parameters to execute the UploadServerCertificate service method on
AmazonIdentityManagement.

Returns:

The response from the UploadServerCertificate service method,
as returned by AmazonIdentityManagement.

Throws:

com.amazonaws.AmazonClientException - If any internal errors are
encountered inside the client while attempting to make the request or
handle the response. For example, if a network connection is not
available.

A user can also have inline policies embedded with it. To list the
inline policies for a user, use the ListUserPolicies API. For
information about policies, refer to
Managed Policies and Inline Policies
in the Using IAM guide.

You can paginate the results using the MaxItems and
Marker parameters. You can use the
PathPrefix parameter to limit the list of policies to
only those matching the specified path prefix. If there are no
policies attached to the specified group (or none that match the
specified path prefix), the action returns an empty list.

Parameters:

listAttachedUserPoliciesRequest - Container for the necessary
parameters to execute the ListAttachedUserPolicies service method on
AmazonIdentityManagement.

Returns:

The response from the ListAttachedUserPolicies service method,
as returned by AmazonIdentityManagement.

Throws:

com.amazonaws.AmazonClientException - If any internal errors are
encountered inside the client while attempting to make the request or
handle the response. For example, if a network connection is not
available.

Before you can delete a managed policy, you must detach the policy
from all users, groups, and roles that it is attached to, and you must
delete all of the policy's versions. The following steps describe the
process for deleting a managed policy:

1. Detach the policy from all users, groups, and roles that the policy
is attached to, using the DetachUserPolicy, DetachGroupPolicy, or
DetachRolePolicy APIs. To list all the users, groups, and roles that a
policy is attached to, use ListEntitiesForPolicy.

2. Delete all versions of the policy using DeletePolicyVersion. To
list the policy's versions, use ListPolicyVersions. You cannot use
DeletePolicyVersion to delete the version that is marked as the
default version. You delete the policy's default version in the next
step of the process.

3. Delete the policy (this automatically deletes the policy's
default version) using this API.
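
The three steps above, carried out in order for one policy ARN. This is an added example, not part of the SDK documentation; it assumes the AWS SDK for Java 1.x on the classpath and the default credential chain, and the class and method names are hypothetical.

```java
import com.amazonaws.services.identitymanagement.AmazonIdentityManagement;
import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient;
import com.amazonaws.services.identitymanagement.model.*;
import java.util.ArrayList;
import java.util.List;

public class ManagedPolicyRemover {
    /** Runs the three documented steps for one managed policy ARN. */
    public static void deleteManagedPolicy(AmazonIdentityManagement iam, String arn) {
        // Step 1: collect every attachment first (following Marker pagination),
        // so that detaching does not shift the pages while they are being read.
        List<PolicyUser> users = new ArrayList<PolicyUser>();
        List<PolicyGroup> groups = new ArrayList<PolicyGroup>();
        List<PolicyRole> roles = new ArrayList<PolicyRole>();
        ListEntitiesForPolicyRequest entReq =
                new ListEntitiesForPolicyRequest().withPolicyArn(arn);
        ListEntitiesForPolicyResult entPage;
        do {
            entPage = iam.listEntitiesForPolicy(entReq);
            users.addAll(entPage.getPolicyUsers());
            groups.addAll(entPage.getPolicyGroups());
            roles.addAll(entPage.getPolicyRoles());
            entReq.setMarker(entPage.getMarker());
        } while (Boolean.TRUE.equals(entPage.getIsTruncated()));
        for (PolicyUser u : users)
            iam.detachUserPolicy(new DetachUserPolicyRequest()
                    .withUserName(u.getUserName()).withPolicyArn(arn));
        for (PolicyGroup g : groups)
            iam.detachGroupPolicy(new DetachGroupPolicyRequest()
                    .withGroupName(g.getGroupName()).withPolicyArn(arn));
        for (PolicyRole r : roles)
            iam.detachRolePolicy(new DetachRolePolicyRequest()
                    .withRoleName(r.getRoleName()).withPolicyArn(arn));

        // Step 2: delete every version except the default one, which
        // DeletePolicyVersion cannot remove.
        List<String> nonDefault = new ArrayList<String>();
        ListPolicyVersionsRequest verReq = new ListPolicyVersionsRequest().withPolicyArn(arn);
        ListPolicyVersionsResult verPage;
        do {
            verPage = iam.listPolicyVersions(verReq);
            for (PolicyVersion v : verPage.getVersions())
                if (!Boolean.TRUE.equals(v.getIsDefaultVersion()))
                    nonDefault.add(v.getVersionId());
            verReq.setMarker(verPage.getMarker());
        } while (Boolean.TRUE.equals(verPage.getIsTruncated()));
        for (String id : nonDefault)
            iam.deletePolicyVersion(new DeletePolicyVersionRequest()
                    .withPolicyArn(arn).withVersionId(id));

        // Step 3: delete the policy itself; this also removes the default version.
        iam.deletePolicy(new DeletePolicyRequest().withPolicyArn(arn));
    }

    public static void main(String[] args) {
        // args[0]: ARN of the managed policy to remove (supplied by the caller).
        deleteManagedPolicy(new AmazonIdentityManagementClient(), args[0]);
    }
}
```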

For information about managed policies, refer to
Managed Policies and Inline Policies
in the Using IAM guide.

Parameters:

deletePolicyRequest - Container for the necessary parameters to
execute the DeletePolicy service method on AmazonIdentityManagement.

Throws:

com.amazonaws.AmazonClientException - If any internal errors are
encountered inside the client while attempting to make the request or
handle the response. For example, if a network connection is not
available.

Deletes the specified role. The role must not have any policies
attached. For more information about roles, go to Working with Roles.

IMPORTANT: Make sure you do not have any Amazon EC2 instances
running with the role you are about to delete. Deleting a role or
instance profile that is associated with a running instance will break
any applications running on the instance.

Parameters:

deleteRoleRequest - Container for the necessary parameters to
execute the DeleteRole service method on AmazonIdentityManagement.

Throws:

com.amazonaws.AmazonClientException - If any internal errors are
encountered inside the client while attempting to make the request or
handle the response. For example, if a network connection is not
available.

Creates a new AWS secret access key and corresponding AWS access key
ID for the specified user. The default status for new keys is
Active.

If you do not specify a user name, IAM determines the user name
implicitly based on the AWS access key ID signing the request. Because
this action works for access keys under the AWS account, you can use
this action to manage root credentials even if the AWS account has no
associated users.

For information about limits on the number of keys you can create,
see
Limitations on IAM Entities
in the Using IAM guide.

IMPORTANT: To ensure the security of your AWS account, the
secret access key is accessible only during key and user creation. You
must save the key (for example, in a text file) if you want to be able
to access it again. If a secret key is lost, you can delete the access
keys for the associated user and then create new keys.

Parameters:

createAccessKeyRequest - Container for the necessary parameters
to execute the CreateAccessKey service method on
AmazonIdentityManagement.

Returns:

The response from the CreateAccessKey service method, as
returned by AmazonIdentityManagement.

Throws:

com.amazonaws.AmazonClientException - If any internal errors are
encountered inside the client while attempting to make the request or
handle the response. For example, if a network connection is not
available.

A group can also have inline policies embedded with it. To list the
inline policies for a group, use the ListGroupPolicies API. For
information about policies, refer to
Managed Policies and Inline Policies
in the Using IAM guide.

You can paginate the results using the MaxItems and
Marker parameters. You can use the
PathPrefix parameter to limit the list of policies to
only those matching the specified path prefix. If there are no
policies attached to the specified group (or none that match the
specified path prefix), the action returns an empty list.

Parameters:

listAttachedGroupPoliciesRequest - Container for the necessary
parameters to execute the ListAttachedGroupPolicies service method on
AmazonIdentityManagement.

Returns:

The response from the ListAttachedGroupPolicies service
method, as returned by AmazonIdentityManagement.

Throws:

com.amazonaws.AmazonClientException - If any internal errors are
encountered inside the client while attempting to make the request or
handle the response. For example, if a network connection is not
available.

Lists the MFA devices. If the request includes the user name, then
this action lists all the MFA devices associated with the specified
user name. If you do not specify a user name, IAM determines the user
name implicitly based on the AWS access key ID signing the request.

You can paginate the results using the MaxItems and
Marker parameters.

Parameters:

listMFADevicesRequest - Container for the necessary parameters to
execute the ListMFADevices service method on AmazonIdentityManagement.

Returns:

The response from the ListMFADevices service method, as
returned by AmazonIdentityManagement.

Throws:

com.amazonaws.AmazonClientException - If any internal errors are
encountered inside the client while attempting to make the request or
handle the response. For example, if a network connection is not
available.

Creates a new virtual MFA device for the AWS account. After creating
the virtual MFA, use EnableMFADevice to attach the MFA device to an
IAM user. For more information about creating and working with virtual
MFA devices, go to
Using a Virtual MFA Device
in the Using IAM guide.

For information about limits on the number of MFA devices you can
create, see
Limitations on Entities
in the Using IAM guide.

IMPORTANT: The seed information contained in the QR code and
the Base32 string should be treated like any other secret access
information, such as your AWS access keys or your passwords. After you
provision your virtual device, you should ensure that the information
is destroyed following secure procedures.

Parameters:

createVirtualMFADeviceRequest - Container for the necessary
parameters to execute the CreateVirtualMFADevice service method on
AmazonIdentityManagement.

Returns:

The response from the CreateVirtualMFADevice service method,
as returned by AmazonIdentityManagement.

Throws:

com.amazonaws.AmazonClientException - If any internal errors are
encountered inside the client while attempting to make the request or
handle the response. For example, if a network connection is not
available.

You cannot delete the default version of a policy using this API. To
delete the default version of a policy, use DeletePolicy. To find out
which version of a policy is marked as the default version, use
ListPolicyVersions.

For information about versions for managed policies, refer to
Versioning for Managed Policies
in the Using IAM guide.

Parameters:

deletePolicyVersionRequest - Container for the necessary
parameters to execute the DeletePolicyVersion service method on
AmazonIdentityManagement.

Throws:

com.amazonaws.AmazonClientException - If any internal errors are
encountered inside the client while attempting to make the request or
handle the response. For example, if a network connection is not
available.
